[release-announce] tripleo-heat-templates 14.2.0 (wallaby)
no-reply at openstack.org
Mon Jul 19 09:51:53 UTC 2021
We are chuffed to announce the release of:
tripleo-heat-templates 14.2.0: Heat templates for deploying OpenStack
with OpenStack.
This release is part of the wallaby stable release series.
The source is available from:
https://opendev.org/openstack/tripleo-heat-templates
Download the package from:
https://tarballs.openstack.org/tripleo-heat-templates/
Please report issues through:
https://bugs.launchpad.net/tripleo/+bugs
For more details, please see below.
14.2.0
^^^^^^
Prelude
*******
Enablement of data collection and transportation to an STF instance is
now handled via existing templates.
New Features
************
* The following parameters add support for mounting Cinder's image
conversion directory on an external NFS share.
  * CinderImageConversionNfsShare
  * CinderImageConversionNfsOptions
* The "glance_api_cron" container has been introduced, which
executes the db purge job for the Glance service. Use the
GlanceCronDbPurge* parameters to override cron parameters.
* The new "MemcacheUseAdvancedPool" parameter is added, which enables
usage of the advanced pool for memcached connections in keystone
middleware. This parameter is set to "true" by default to avoid
bursting connections in some services like neutron.
* When the nova_virtlogd container gets restarted, the instance console
auth files will not be reopened by virtlogd. As a result, instances
need to be either restarted or live migrated to a different compute
node to get new console log messages logged again. Usually, on receipt
of SIGUSR1, virtlogd will re-exec() its binary while maintaining all
current logs and clients. This allows for live upgrades of the
virtlogd service in non-containerized environments, where updates are
done just by an RPM update. To reduce the likelihood of this in a
containerized environment, virtlogd should only be restarted on manual
request or on compute node reboot. It should not be restarted on a
minor update without migrating instances off. This release introduces
a nova_virtlogd_wrapper container and a virtlogd wrapper script, which
only restart virtlogd on either manual request or compute node
restart.
* Add support for OVS DPDK pmd auto balance parameters. This feature
adds 3 new role specific THT parameters to set
pmd-auto-lb-load-threshold, pmd-auto-lb-improvement-threshold, and
pmd-auto-lb-rebal-interval in OVS through OvsPmdLoadThreshold,
OvsPmdImprovementThreshold and OvsPmdRebalInterval respectively.
* Introduce new parameter to configure OVS PMD Auto Load Balance for
OVS DPDK
* New parameter *RbdDiskCachemodes* allows overriding the disk
cache modes for RBD. Defaults to ['network=writeback'].
* A new service,
OS::TripleO::Services::UndercloudUpgradeEphemeralHeat is added to
the Undercloud role. The service is mapped to OS::Heat::None by
default, but when
environments/lifecycle/undercloud-upgrade-prepare.yaml is included,
the service will be enabled and will migrate any already deployed
stacks in the undercloud's Heat instance to be able to be used with
the ephemeral Heat deployment option from tripleoclient.
Upgrade Notes
*************
* When upgrading a deployment with the use of enable-stf.yaml, add
the following files to your overcloud deployment command in order to
maintain the existing services defined in enable-stf.yaml.
  * environments/metrics/collectd-write-qdr.yaml
  * environments/metrics/ceilometer-write-qdr.yaml
  * environments/metrics/qdr-edge-only.yaml
Bug Fixes
*********
* On the compute nodes, SSL certificates were until now created for
libvirt, qemu-default, qemu-vnc and qemu-nbd. This is not required,
because all services use the same NovaLibvirtNetwork network, and
therefore multiple certificates for the same hostname were created.
Also, from qemu's point of view, if the default_tls_x509_cert_dir and
default_tls_x509_verify parameters are set for all certificates,
there is no need to specify any of the other **_tls** config
options. From Secure live migration with QEMU-native TLS
(https://docs.openstack.org/nova/latest/admin/secure-live-migration-with-qemu-native-tls.html):
    The intention (of libvirt) is that you can just use the
    default_tls_x509_* config attributes so that you don’t need to set
    any other **_tls** parameters, unless you need different
    certificates for some services. The rationale for that is that some
    services (e.g. migration / NBD) are only exposed to internal
    infrastructure; while some services (VNC, Spice) might be exposed
    publicly, so might need different certificates. For OpenStack this
    does not matter, though, we will stick with the defaults.
Therefore, with this change InternalTLSNbdCAFile,
InternalTLSVncCAFile and InternalTLSQemuCAFile are removed (they
defaulted to /etc/ipa/ca.crt anyway) and only InternalTLSCAFile is
used.
Also, all certificates are now created when EnableInternalTLS is true,
and all SSL certificates are mounted from the host. This prevents
certificate information from being unavailable in a qemu process's
container environment if features are switched later, which has
proven to be problematic.
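The check below is an added example, not part of the release notes or of tripleo-heat-templates. It audits qemu.conf text for the layout described above: the two default_tls_x509_* settings present, and any per-service *_tls_x509_* keys reported as redundant or as deliberate overrides. The sample configuration, the function names and the policy that default_tls_x509_verify must be explicitly 1 are assumptions made for illustration.

```python
import re

# qemu.conf settings look like  key = "value"  or  key = 1 ; '#' starts a comment.
SETTING = re.compile(r'^\s*(\w+)\s*=\s*"?([^"#]*?)"?\s*(?:#.*)?$')
# Per-service TLS keys such as vnc_tls_x509_cert_dir, but not the default_* ones.
PER_SERVICE = re.compile(r'^(?!default_)[a-z0-9]+_tls_x509_(cert_dir|verify)$')

# Constructed sample for illustration; not taken from a real compute node.
SAMPLE = '''\
default_tls_x509_cert_dir = "/etc/pki/qemu"
default_tls_x509_verify = 1
vnc_tls = 1
vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
vnc_tls_x509_verify = 0
nbd_tls_x509_cert_dir = "/etc/pki/qemu"
#migrate_tls_x509_cert_dir = "/etc/pki/old"
'''

def parse_qemu_conf(text):
    """Return {key: value} for every uncommented setting."""
    settings = {}
    for line in text.splitlines():
        m = SETTING.match(line)          # commented and blank lines do not match
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings

def audit_tls(settings):
    """Return a list of (key, finding) tuples, per-service keys in sorted order."""
    findings = []
    default_dir = settings.get("default_tls_x509_cert_dir")
    if not default_dir:
        findings.append(("default_tls_x509_cert_dir", "missing"))
    # Assumed policy: peer verification must be switched on explicitly.
    if settings.get("default_tls_x509_verify") != "1":
        findings.append(("default_tls_x509_verify", "not-enabled"))
    for key in sorted(settings):
        m = PER_SERVICE.match(key)
        if not m:
            continue
        value = settings[key]
        if m.group(1) == "cert_dir":
            # Same directory as the default: the key adds nothing.
            kind = "redundant" if value == default_dir else "override"
            findings.append((key, kind))
        elif value != "1":
            # A per-service verify=0 silently weakens the default.
            findings.append((key, "verify-off"))
    return findings

if __name__ == "__main__":
    for key, finding in audit_tls(parse_qemu_conf(SAMPLE)):
        print(f"{key}: {finding}")
```

An "override" finding is not necessarily wrong, since the quoted Nova documentation allows separate certificates for publicly exposed services; it marks a setting that should be a deliberate choice.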
Other Notes
***********
* Using enable-stf.yaml now defines the expected configuration in
OpenStack for use with Service Telemetry Framework. Removal of the
defined resource_registry now requires passing additional
environment files to enable the preferred data collectors and
transport architecture, providing better flexibility to support
additional architectures in the future.
* These parameters can now be set per-role - DnfStreams,
UpgradeInitCommand, UpgradeLeappCommandOptions,
UpgradeLeappDevelSkip, UpgradeLeappToRemove, UpgradeLeappToInstall
Changes in tripleo-heat-templates 14.1.2..14.2.0
------------------------------------------------
be2c8e62c Make default of NeutronDefaultAvailabilityZones empty array
f972c3710 FFU: change transfer parameters for database resync
7335bc1a5 Wire up the tripleo-upgrades-wallaby-pipeline
81373cb67 Moves undercloud upgrade introspection data migration to step 1
59a235340 Simplify libvirt/qemu ssl certificates
8c2862d23 Neutron: Use the pids subsystem to look up container id
2d407a8f5 Adjust enable-stf.yaml for latest recommendations
d5b8ced54 Support cinder image conversion on an NFS share
ddcb24798 Get roles data from stack output on UC upgrade
12156c09c Add THT Jinja2 data sources as stack output
ba7d5b627 Enable DPDK OVS PMD Auto Load Balance
2f0689d8d Remove NovaVncProxyNetwork from ServiceNetMap
37811641f Move designate from experimental
497582342 Support additional IP so bind and unbound can collocate
7d602ed90 Extend UC ephemeral heat to export network
94d994946 Pass scripts list for download for sensubility
476e444b8 Simplify nova service templates
443498e69 Support for OVS DPDK pmd auto balance parameters.
fdfd4e992 Do not run Swift rsync container in single replica mode
18b544723 Add Ephemeral Heat service
a15452998 Add network-v2 default files + vip data examples
f1d4c29d5 Move scenario004 to cephadm
d098242f7 Always run network config for undercloud
e38ea651e Fix NetworkDeploymentActionValue format
ef18f2515 Add support for keystone_authtoken/memcache_use_advanced_pool
3737ec8fd Set tripleo_cephadm rbd mirror vars
e987a2340 Limit collectds memory usage
0a690e519 Introduce nova virtlogd wrapper
e2ff0b446 Set OS_CLOUD instead in stackrc
2d095f314 Revert "Always run network config for undercloud"
a15698b7f Revert "Always run network config for undercloud"
5e941e4ef Remove heat::heat_keystone_clients_url definition
17de50a8d Add post_upgrade_task and remove puppet-ceph pkg
c2966ca0f Always run network config for undercloud
cb8f13027 Ignore puppet_config is an empty dict
ad010c084 Switch barbican actions to use kolla_config
4758c3e7c Fix typo that breaks Octavia db sync step
fd0a1aca1 Use kolla_config for other actions
733f3ecbe Add glance db purge job
61575a7d7 Make UpgradeLeappDevelSkip per-role
e91fabbcd Use community.general ansible collection instead of modules
8100f86e8 Refactor OVN bridge MAC addresses
713533207 Bump ovs and ovn versions to 2.15 for FFWD.
1ff7e9be9 Fix broken restart of ovndb_server during minor update
76b5cf4d6 Set ganesha idmap.conf file path and overrides
00884af21 Add alertmanager port parameter
d03517b61 HA minor update: fix bad pcs invocation
63c3afa8c Cleanup optional flag for conf.modules.d
7dea661f6 Fix container security_opts type
20840a7a5 Update rhsm repo examples for RHEL8 deployments
71223f9ee Add OS::TripleO::UndercloudUpgradeEphemeralHeat
7e3e0c0f2 Fix typo in ceilometer-write-qdr environment file
808f66e7a Add param for RBD disk cache modes
a76bd1a69 Add option for enabling rsyslog reopenOnTruncate
0c97152f2 Update TOX_CONSTRAINTS_FILE for stable/wallaby
Diffstat (except docs and test files)
-------------------------------------
ci/environments/scenario003-standalone.yaml | 13 +-
ci/environments/scenario004-standalone.yaml | 58 +--
common/common-container-config-scripts.yaml | 2 +-
common/deploy-steps-playbooks-common.yaml | 7 +-
common/deploy-steps-tasks-step-0.j2.yaml | 2 +-
.../pacemaker_restart_bundle.sh | 2 +-
deployed-server/deployed-server.yaml | 2 +
deployment/aodh/aodh-api-container-puppet.yaml | 28 +-
.../barbican/barbican-api-container-puppet.yaml | 209 +++++---
.../ceilometer-agent-central-container-puppet.yaml | 14 +-
deployment/ceph-ansible/ceph-base.yaml | 5 +-
deployment/ceph-ansible/ceph-client.yaml | 5 +-
deployment/ceph-ansible/ceph-external.yaml | 5 +-
deployment/ceph-ansible/ceph-grafana.yaml | 5 +-
deployment/ceph-ansible/ceph-mds.yaml | 5 +-
deployment/ceph-ansible/ceph-mgr.yaml | 5 +-
deployment/ceph-ansible/ceph-mon.yaml | 5 +-
deployment/ceph-ansible/ceph-nfs.yaml | 5 +-
deployment/ceph-ansible/ceph-osd.yaml | 5 +-
deployment/ceph-ansible/ceph-rbdmirror.yaml | 5 +-
deployment/ceph-ansible/ceph-rgw.yaml | 5 +-
deployment/cephadm/ceph-base.yaml | 12 +-
deployment/cephadm/ceph-client.yaml | 5 +-
deployment/cephadm/ceph-external.yaml | 5 +-
deployment/cephadm/ceph-grafana.yaml | 6 +-
deployment/cephadm/ceph-mds.yaml | 5 +-
deployment/cephadm/ceph-mgr.yaml | 5 +-
deployment/cephadm/ceph-mon.yaml | 5 +-
deployment/cephadm/ceph-nfs.yaml | 7 +-
deployment/cephadm/ceph-osd.yaml | 5 +-
deployment/cephadm/ceph-rbdmirror.yaml | 30 +-
deployment/cephadm/ceph-rgw.yaml | 5 +-
deployment/cinder/cinder-api-container-puppet.yaml | 39 +-
.../cinder/cinder-common-container-puppet.yaml | 64 ++-
.../cinder/cinder-volume-container-puppet.yaml | 3 +-
deployment/database/mysql-container-puppet.yaml | 2 +-
deployment/database/mysql-pacemaker-puppet.yaml | 16 +
deployment/database/redis-container-puppet.yaml | 2 +-
.../mistral/mistral-api-container-puppet.yaml | 30 +-
deployment/deprecated/mistral/mistral-base.yaml | 6 +
.../novajoin/novajoin-container-puppet.yaml | 6 +
.../deprecated/zaqar/zaqar-container-puppet.yaml | 20 +-
.../designate/designate-api-container-puppet.yaml | 8 +-
.../designate/designate-base.yaml | 0
.../designate/designate-bind-container.yaml | 2 +-
.../designate-central-container-puppet.yaml | 30 +-
.../designate/designate-mdns-container-puppet.yaml | 4 +-
.../designate-producer-container-puppet.yaml | 2 +-
.../designate/designate-sink-container-puppet.yaml | 2 +-
.../designate-worker-container-puppet.yaml | 2 +-
deployment/etcd/etcd-container-puppet.yaml | 3 +-
deployment/glance/glance-api-container-puppet.yaml | 99 +++-
.../gnocchi/gnocchi-api-container-puppet.yaml | 9 +-
deployment/haproxy/haproxy-container-puppet.yaml | 3 +-
deployment/heat/heat-api-cfn-container-puppet.yaml | 3 -
deployment/heat/heat-api-container-puppet.yaml | 3 -
deployment/heat/heat-base-puppet.yaml | 7 +-
deployment/heat/heat-engine-container-puppet.yaml | 19 +-
.../heat/heat-ephemeral-container-ansible.yaml | 74 +++
deployment/horizon/horizon-container-puppet.yaml | 3 -
.../image-serve/image-serve-baremetal-ansible.yaml | 2 +-
deployment/ironic/ironic-api-container-puppet.yaml | 24 +-
.../ironic/ironic-conductor-container-puppet.yaml | 2 +-
.../ironic/ironic-inspector-container-puppet.yaml | 16 +-
deployment/ironic/ironic-pxe-container-puppet.yaml | 6 +-
deployment/iscsid/iscsid-container-puppet.yaml | 2 +-
deployment/keystone/keystone-container-puppet.yaml | 3 -
deployment/logging/rsyslog-baremetal-ansible.yaml | 5 +-
deployment/logging/rsyslog-container-puppet.yaml | 13 +-
deployment/manila/manila-api-container-puppet.yaml | 25 +-
.../manila/manila-share-container-puppet.yaml | 2 +-
.../messaging/rpc-qdrouterd-container-puppet.yaml | 2 +-
deployment/metrics/collectd-container-puppet.yaml | 10 +
deployment/neutron/kill-script | 2 +-
.../neutron-agents-ib-config-container-puppet.yaml | 3 +-
.../neutron/neutron-api-container-puppet.yaml | 35 +-
.../neutron/neutron-dhcp-container-puppet.yaml | 3 +-
.../neutron-mlnx-agent-container-puppet.yaml | 3 +-
.../neutron-ovs-agent-container-puppet.yaml | 6 +-
deployment/nova/nova-api-container-puppet.yaml | 148 +++---
deployment/nova/nova-apidb-client-puppet.yaml | 21 +-
deployment/nova/nova-az-config.yaml | 23 +-
deployment/nova/nova-base-puppet.yaml | 25 +-
.../nova/nova-compute-common-container-puppet.yaml | 1 -
deployment/nova/nova-compute-container-puppet.yaml | 224 ++++----
.../nova/nova-conductor-container-puppet.yaml | 49 +-
deployment/nova/nova-db-client-puppet.yaml | 23 +-
deployment/nova/nova-ironic-container-puppet.yaml | 46 +-
deployment/nova/nova-libvirt-container-puppet.yaml | 563 +++++++++------------
deployment/nova/nova-manager-container-puppet.yaml | 4 +-
.../nova/nova-metadata-container-puppet.yaml | 52 +-
.../nova-migration-target-container-puppet.yaml | 4 +-
.../nova/nova-scheduler-container-puppet.yaml | 17 +-
.../nova/nova-vnc-proxy-container-puppet.yaml | 71 +--
.../octavia/octavia-api-container-puppet.yaml | 26 +-
.../octavia/octavia-deployment-config.j2.yaml | 5 +-
.../openvswitch-dpdk-baremetal-ansible.yaml | 56 ++
...vswitch-dpdk-netcontrold-container-ansible.yaml | 3 +-
.../ovn/ovn-controller-container-puppet.yaml | 55 ++
deployment/ovn/ovn-dbs-container-puppet.yaml | 6 +-
deployment/ovn/ovn-dbs-pacemaker-puppet.yaml | 2 +-
.../pacemaker/pacemaker-baremetal-puppet.yaml | 12 +-
.../placement/placement-api-container-puppet.yaml | 35 +-
deployment/podman/podman-baremetal-ansible.yaml | 2 +-
deployment/qdr/qdrouterd-container-puppet.yaml | 2 +-
deployment/rabbitmq/rabbitmq-container-puppet.yaml | 4 +-
...rabbitmq-messaging-notify-container-puppet.yaml | 4 +-
.../rabbitmq-messaging-pacemaker-puppet.yaml | 2 +-
.../rabbitmq-messaging-rpc-container-puppet.yaml | 4 +-
.../rabbitmq-messaging-rpc-pacemaker-puppet.yaml | 2 +-
deployment/swift/swift-proxy-container-puppet.yaml | 3 -
.../swift/swift-ringbuilder-container-puppet.yaml | 2 +-
.../swift/swift-storage-container-puppet.yaml | 44 +-
.../tripleo-packages-baremetal-puppet.yaml | 16 +-
deployment/unbound/unbound-container-ansible.yaml | 75 ++-
.../undercloud-upgrade-ephemeral-heat.yaml | 69 +++
deployment/undercloud/undercloud-upgrade.yaml | 29 +-
environments/enable-designate.yaml | 15 +-
environments/enable-stf.yaml | 99 ++--
.../lifecycle/undercloud-upgrade-prepare.yaml | 4 +-
environments/lifecycle/upgrade-prepare.yaml | 2 +-
environments/metrics/ceilometer-write-qdr.yaml | 2 +-
environments/rhsm.yaml | 35 +-
environments/standalone/standalone-overcloud.yaml | 2 -
environments/standalone/standalone-tripleo.yaml | 2 -
environments/undercloud.yaml | 7 +-
environments/undercloud/undercloud-minion.yaml | 2 -
extraconfig/post_deploy/undercloud_post.sh | 23 +-
extraconfig/post_deploy/undercloud_post.yaml | 16 +-
.../vip-data-default-network-isolation.yaml | 39 ++
network-data-samples/vip-data-fixed-ip.yaml | 35 ++
network-data-samples/vip-data-routed-networks.yaml | 40 ++
network/service_net_map.j2.yaml | 7 +-
network_data_default.yaml | 7 +
overcloud-resource-registry-puppet.j2.yaml | 6 +-
overcloud.j2.yaml | 20 +-
puppet/role.role.j2.yaml | 33 +-
...cinder-nfs-conversion-dir-ba9b8dce515808ce.yaml | 8 +
...-stf-no-resource-registry-db6ee6319964ab7f.yaml | 20 +
.../notes/glance-db-purge-bb185353a45880c7.yaml | 6 +
...emcache_use_advanced_pool-41ca18221e60c05a.yaml | 7 +
...t_ssl_cert_simplification-dbee541be9f55ce5.yaml | 30 ++
.../nova_virtlogd_wrapper-120fcfcfa0787b2b.yaml | 17 +
.../ovs-dpdk-pmd-params-55df11e67acb6736.yaml | 7 +
.../notes/ovs_dpdk_pmd-74f4cfa0ef280cc0.yaml | 5 +
.../rbd-disk-cache-modes-284a73271741ea62.yaml | 5 +
...ud-upgrade-ephemeral-heat-c838a9c61fc742a3.yaml | 8 +
.../upgradeleapp-per-role-ad2e84e317ec1291.yaml | 6 +
roles/Undercloud.yaml | 2 +
roles_data_undercloud.yaml | 2 +
sample-env-generator/enable-services.yaml | 12 +-
sample-env-generator/standalone.yaml | 7 -
sample-env-generator/undercloud-minion.yaml | 4 -
scripts/undercloud-upgrade-ephemeral-heat.py | 406 +++++++++++++++
tools/yaml-validate.py | 6 +-
tox.ini | 4 +-
vip_data_default.yaml | 8 +
zuul.d/layout.yaml | 2 +-
158 files changed, 2475 insertions(+), 1329 deletions(-)